Mozilla Foundation Security Advisory 2010-66

Use-after-free error in nsBarProp

Announced

October 19, 2010

Reporter

Sergey Glazunov

Impact

Critical

Products

Firefox, SeaMonkey, Thunderbird

Fixed in

Firefox 3.5.14

Firefox 3.6.11

SeaMonkey 2.0.9

Thunderbird 3.0.9

Thunderbird 3.1.5

Description

Security researcher Sergey Glazunov reported that
it was possible to access the locationbar property of
a window object after it had been closed. Since the
closed window's memory could have been subsequently
reused by the system it was possible that an attempt to access
the locationbar property could result in the execution of
attacker-controlled memory.